[freeside] Free Side Error
Mark Wells
mark at ns2.pc-intouch.com
Wed Jul 14 02:41:18 PDT 1999
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 14 Jul 1999, Herbert Samuels wrote:
> Hi,
>
> I've gotten freeside to work partially.
> I'm using the Perl suid approach.
> I get this error, however;
>
> &FS::UID::checkruid failed at
> /usr/local/fs-1.2.1/htdocs/edit/process/part_svc.cgi line 59
I didn't know you could suid the CGI scripts. As far as I know, suid only
affects the effective uid, not the real uid. There are probably many ways
around this. The perl documentation suggests this one:
$< = $>; # set real to effective uid
($< is the real uid, $> is the effective. See 'man perlvar'.)
In theory, if the script is suid freeside, and it executes that statement,
it will set its real uid to freeside and checkruid won't complain.
Whether this is safe is another issue. There's obviously *some* good
reason for checkruid to be in there in the first place. Ivan would
probably know. I'm just saying that if you've properly secured your
scripts, that statement would give you a way around checkruid.
But then, if that's what you want, you can replace checkruid (in UID.pm)
with this:
sub &checkruid
{
return &checkeuid;
}
Just make sure you're not creating security holes by doing this. In
particular, make sure that either your OS or your perl interpreter is
suid-safe, and that your HTTP authentication is set up properly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.7 (GNU/Linux)
Comment: PGPEnvelope - http://www.bigfoot.com/~ftobin/resources.html
iD8DBQE3jFgf2GOwREX5+xQRAsX9AKC3jjpQwgbXV8uewPV0e/TuT/cDvQCfTfvY
QymkiXJRiUHjq3Bk5tQmT6w=
=GS3P
-----END PGP SIGNATURE-----
More information about the freeside-users
mailing list